PRIVACY NOTICE
(July 18th, 2023)
weConnect Holdings and its affiliates (“weConnect”, “we”, “us”) contributes to the success of its clients through business processes outsourcing and the provision of specialized skills at a high quality.
For the expansion of our business and to perform our duties, we consider the protection of Personal Data/ Information (ahead referred to as “Personal Data”) to be of vital importance.
This notice was formulated to inform you how we process your Personal Data both as the Controller (meaning the entity that defines the purpose and scope of Personal Data Processing Activities) and as a Processor (acting under the instructions of a Controller), while observing applicable Personal Data Protection legislation requirements; plus, which rights assist you under those laws and how you can exercise them; and additionally to show our commitment to information security and our promise is to abide by the rules set forth below.
Please take a few minutes to read and understand it.
Updating this Privacy Notice
weConnect reserves the right to modify this Privacy Notice at any time by posting an updated version on its websites. Such versions shall take effect from the date of posting (published above at the top of this notice).
What laws do we comply with?
This Privacy Notice is provided to you in accordance with the following applicable Personal Data Protection laws (as they may apply to the purpose and scope of our Personal Data Processing Activities) for these are, at present time, the most stringent in terms of protecting you and assuring your legal rights:
● Japan’s Act on the Protection of Personal Information (Act No. 57 of 2003 or APPI) which came into effect in 2003, had an adequacy decision from the European Commission (EC) in 2019 with regards to the GDPR and the most recent amendment in 2020.
● Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, also known as the General Data Protection Regulation (the GDPR).
● Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009, also known as the ePrivacy Directive, Directive 2002/58/EC concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.
● The California Consumer Privacy Act 2018 (CCPA) as amended by the California Consumer Privacy Rights Act (CPRA).
● Other applicable national laws.
Note: Although not equivalent, there are some Personal Data Protection laws being enforced around the globe which have been taken into account by weConnect while doing its adequacy process towards complying with this type of legislation (specially where those natural persons whose Personal Data is under Processing by us), however the above-mentioned laws still represent a more stringent or specific set of requirements. Some examples are: LGPD (Brazil); POPIA (South Africa); PIPEDA (Canada); PDPA (Singapore).
Why do we process your Personal Data?
We process Personal Data as an enabler to deliver our services, which consist of:
- Onboarding Talent on Behalf of Clients and Payroll Calculation (EOR Service)
An employer of record (EOR) service which point is to hire needed staff at any geographic location where the organization is not present, without having to create a local entity.
It is therefore an “outsourcing” service where weConnect or a partner company hires the resources while he/ she will be working for the Corporate Client.
The categories of Personal Data under Processing regarding the prospective employees consist of:
We process this set of Personal Data as a Processor under the legal basis of a contractual obligation, being our Corporate Client the Controller, hence Personal Data pertaining to its employees will be processed and retained for the duration of the services towards the Controller and any local legally defined retention period.
The Controller is always the entity that indicates a specific resource (prospective employee). Therefore, some Personal Data will be initially provided by the Controller and then, weConnect gets the rest from the Data Subject him/ herself (the prospective employee).
- Payroll Services
Outsourcing of full Scope of payroll calculation and associated services towards Corporate Clients. weConnect manages the onboarding, offboarding, salary and deduction calculation for our clients’ local entities.
This is an outsourcing service where the client doesn’t have the capability at their local entity to calculate or manage payroll and employee movements internally. weConnect will help manage a cyclical payroll so that employees’ salaries are calculated correctly and on time as per regulations for our clients’ entities.
The categories of Personal Data under Processing regarding the prospective employees consist of:
- Identification Data (name; company, role, gender)
- Contact Data (email, phone, emergency contact, address)
- Demographics (birthday/age, photo, nationality, marital status)
- Official Information (social security number, fiscal number, insurance number
- Financial Data (household, salary, banking information, tax category)
- Sensitive Categories of Personal Data (religion, ethnicity) as required by law in Singapore, the U.S. and Malaysia
We process this set of Personal Data as a Processor under the legal basis of a contractual obligation, being our Corporate Client the Controller.
- Statutory Benefits Administration
Legal statutory filings that must be done on behalf of the employee (health; pension; etc…).
The categories of Personal Data under Processing regarding the prospective employees consist of:
We process this set of Personal Data either as a Processor under the legal basis of a contractual obligation (where hired by a Corporate Client for its staff) or as a Controller with regards to our employees under the legal basis of a legal obligation.
The retention period will derive from local legislative requirements or, where we act as a Processor, until we receive instruction from the Controller to erase the information.
- Employee Tax Compliance / Year-End Adjustment
Prepare and finalize income tax declarations for Corporate Client employees as required by local legislation in several countries.
The categories of Personal Data under Processing regarding the prospective employees consist of:
- Identification Data (name; company, role, gender)
- Contact Data (email, phone, emergency contact, address)
- Demographics (birthday/age, photo, nationality, marital status)
- Official Information (social security number, fiscal number, insurance number
- Financial Data (household, salary, tax category, housing loan info, overseas dependent evidence)
- Sensitive Categories of Personal Data (place/country of birth) as required by law in Germany and France.
Please refer to the previous service for details on our role, the retention period and applicable legal basis for Processing.
- Employment Contract Drafting
Creating the contract and either forwarding it to the Corporate Client or having it signed by weConnect with the employee; .
The categories of Personal Data under Processing regarding the prospective employees consist of:
- Identification Data (name; company, role)
- Contact Data (address)
- Official Information (official document number)
- Financial Data (salary)
- Sensitive Categories of Personal Data (employee signature)
Please refer to the above for details on our role, the retention period and applicable legal basis for Processing.
- Compensation GAP Analysis
Complementary service to payroll, which can apply (e.g.) where a company wishes to bring onboard an expat, so there is room for special compensation, etc…
The categories of Personal Data under Processing regarding the prospective employees consist of:
- Identification Data (name; company, role)
- Financial Data (current and future possible salary and benefits information)
Please refer to the above for details on our role, the retention period and applicable legal basis for Processing.
- Accounting Services
Invoices (about sales) and employee reimbursement documents are received and those are “booked into” the accounting system. In the case of invoices there is a checking regarding if the correspondent pecuniary payment (cash) has entered the Bank Account; and in the case of employee reimbursement the process of payment is initiated. Note that the release for payment is always done by the Client.
The categories of Personal Data under Processing regarding the prospective employees consist of:
- Identification Data (name; company, role, employee number)
- Financial Data (salary, petty cash and expenses, banking information)
Please refer to the above for details on our role, the retention period and applicable legal basis for Processing.
- Bank Account Opening and Payments Processing
Where a Corporate Client asks or needs a bank account to be opened, weConnect will ask for relevant information (as per local country legal requirements) which will include Corporate and Personal Data (sensitive).
The categories of Personal Data under Processing regarding the prospective employees consist of:
- Identification Data (name; company, role)
- Contact Data (email, phone, address)
- Demographics (birthday/age, photo, nationality, etc… )
- Official Information (social security number, fiscal number, passport or legal ID document, power of attorney)
- Financial Data (TIN, salary, banking information)
weConnect also proceeds with the operational task of assuring on-going required payments out of that bank account if the Client does so wish.
Please refer to the above for details on our role, the retention period and applicable legal basis for Processing.
- CI Services
CI Services include the following sub-services:
- Entity Setup – where weConnect helps in creating a legal entity (company) in a given country.
The categories of Personal Data under Processing regarding the prospective persons consist of:
- Identification Data (name; company, role)
- Contact Data (email, phone, address)
- Demographics (birthday/age, photo, nationality, etc… )
- Official Information (social security number, fiscal number, passport or legal ID document; resume; company registry document)
- Financial Data (TIN, salary, banking information)
- Sensitive Personal Data (passport pages and photo; signature
- Visa Support
The categories of Personal Data under Processing regarding the prospective applicants consist of:
- Identification Data (name; company, role)
- Contact Data (address)
- Demographics (birthday/age, photo, nationality)
- Official Information (passport number, resume)
- Financial Data (bank account information)
We process this set of Personal Data either as a Processor under the legal basis of a contractual obligation (where hired by a Corporate Client for its staff) or as a Controller with regards to our employees under the legal basis of a legal obligation.
- TAX
Where a Corporate Client asks or needs tax registration services, weConnect also enables it.
The categories of Personal Data under Processing regarding the prospective employees consist of:
- Identification Data (name; company, role)
- Contact Data (email, phone, emergency contact, address)
- Demographics (birthday/age)
- Official Information (social security number, fiscal number, passport)
We process this set of Personal Data as a Processor under the legal basis of a contractual obligation.
- Invoicing
This is a pure B2B service where weConnect issues invoices on behalf of the Client towards other entities under the legal basis of a Legal Obligation.
Technical and operational safeguards
We are aware that Processing Personal Data may represent a risk to you if the data is accessed by unauthorized third parties. weConnect’s IT landscape is configured and monitored under guidance provided by the strictest security market standards (e.g., ISO 27000 family, Soc2, ITIL, Privacy by Design) and we have developed a set of policies, operational processes, and mechanisms to ensure that the Personal Data entrusted by you to us will be processed in a manner that guarantees to the maximum possible extent, (having regard to the current state of technical knowledge) its security, accuracy, confidentiality, and privacy.
Personal Data is exclusively Processed under the scope and purpose of the services described in this Privacy Notice.
Your data is under your control.
Every natural person (no exception) maintains full control over their Personal Data (and, where applicable, that of their children if minors), as well as over the Personal Data Processing Activities undertaken by weConnect (as defined under applicable national Personal Data Protection Legislation or the GDPR, whichever is stricter). Please refer to the below legal rights that assist you under this set of laws.
weConnect’s Data Protection Officer (DPO) contact information:
All questions or requests regarding the Processing of Personal Data under weConnect’s control may be addressed to weConnect’s Data Protection Officer.
Mr. Rui Serrano
Country: Portugal
Phone number: +351932579434
Email: dpo@weconnect.co
Accessory Processing of Personal Data
When you use a weConnect website, a session cookie file may be placed on your browser; please check that you have set your preferences in the cookie management tool.
You should be aware that, in some cases, the data collected in this way may make it possible for third parties to identify an individual who has accessed the website. You should disable non-essential cookies if you wish to avoid this.
weConnect only uses cookies that record information about the IT architecture and landscape of the device being used by the visitor (e.g., browser, device, etc…).
Your data rights under the law
Under applicable Personal Data Protection Legislation, you have the following rights in respect of your Personal Data:
Right of access. The right to obtain from us confirmation as to whether your Personal Data is being processed, and, if so, to access such Personal Data as well as related information. You may exercise this right by reviewing information on the weConnect website user account area or by submitting a request to our Data Protection Officer.
Right to rectification. The right to obtain the rectification of inaccurate Personal Data. Participants may exercise their right by submitting a request to our Data Protection Officer.
Right to erasure. The right to have your Personal Data that is processed by weConnect erased and, therefore, to have Processing stopped, unless a legal duty or a Legitimate Interest to retain certain data prevents weConnect from observing such right, in which case the data subject shall be duly informed. This right may be exercised by submitting a request to our Data Protection Officer.
The right to restrict Processing. This is the right to request and impose Processing restrictions (in scope and purpose) for your Personal Data. This right may be exercised by submitting a request to our Data Protection Officer.
The right to object to Processing. The right to object to Processing Activities that have been qualified under this Privacy Notice as arising under the legal basis of Legitimate Interest on the part of weConnect. This right may be exercised by submitting a request to our Data Protection Officer.
Right to opt out of sales/ sharing of Personal Data – We do not sell your data, under any circumstances.
Right to data portability. The right to receive your Personal Data in a structured, commonly-used and machine-readable format as well as the right to transmit them to another controller without obstacle. This right may be exercised by submitting a request to our Data Protection Officer
Right to be informed about a Personal Data breach. You have the right, and it is our obligation to ensure it, to be informed of any unauthorized disclosure or potential disclosure of your Personal Data to unauthorized third parties within 72 hours of the occurrence of such disclosure or knowledge by weConnect of potential disclosure, as the case may be.
Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding weConnect’s processing activities in relation to Personal Data with any of the European Union Member States’ data protection Supervisory Authorities as well as your local Supervisory Authority if you are located outside of the European Union. You can find a list of the European Union Member States; data protection Supervisory Authorities here Our Members | European Data Protection Board (europa.eu).
Right to be free from discrimination. You may exercise any of the above rights without fear of being discriminated against. For any of the above-mentioned CCPA/ CPRA related rights, you may designate an authorized agent to make a request on your behalf.
You may exercise your rights under applicable Personal Data Protection Legislation by contacting weConnect’s Data Protection Officer through the e-mail address dpo@weconnect.co.